Browse > Article
http://dx.doi.org/10.9723/jksiis.2021.26.3.023

The Influence of Security Motivation and Organization Trust on Information Security Compliance: Focusing on Moderation Effects of Work Promotion Focus  

Hwang, Inho (국민대학교 교양대학)
Hu, Sungho (중앙대학교 심리학과)
Publication Information
Journal of Korea Society of Industrial Information Systems / v.26, no.3, 2021 , pp. 23-39 More about this Journal
Abstract
Investment of organization in information security is increasing, but information security threats within the organization are not decreasing. The purpose of this study is to suggest a direction to increase the information security compliance intention of employees. In detail, the study presents the positive effects of security motivation and organization trust on the information security compliance intention, and presents the moderating effect of work promotion focus. Research model and hypothesis verification are confirmed through structural equation modeling and the study conducted a questionnaire technique to the employees of the organization applying the information security policy for quantitative verification. As a result, information security punishment and value congruence had a positive affect on the compliance intention by mediating organization trust. In addition, work promotion focus had a moderating effect on the positive relationship between the precedent factors on the compliance intention. The research has academic and practical implications from the viewpoint of presenting the factors of the organization's efforts to improve the level of information security compliance by insiders.
Keywords
Information Security Compliance Intention; Punishment; Value Congruence; Organization Trust; Work Promotion Focus;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Higgins, E. T. (1997). Beyond Pleasure and Pain, American Psychologist, 52(12), 1280-1300. DOI : 10.1037/0003-066X.52.12.1280.   DOI
2 Hwang, I., and Cha, O., (2018). Examining Technostress Creators and Role Stress as Potential Threats to Employees' Information Security Compliance, Computers in Human Behavior, 81, 282-293. DOI : 10.1016/j.chb.2017.12.022.   DOI
3 Son, J. Y. (2011). Out of Fear or Desire? Toward a better Understanding of Employees' Motivation to Follow IS Security Policies, Information & Management, 48(7), 296-302. DOI : 10.1016/j.im.2011.07.002.   DOI
4 Burns, A. J. (2021). Protecting Organizational Information Assets: Exploring the Influence of Regulatory Focus on Rational Choices, In Proceedings of the 54th Hawaii International Conference on System Sciences (p. 5228).
5 Cazier, J. A., Shao, B. B. and Louis, R. D. S. (2007). Sharing Information and Building Trust through Value Congruence, Information Systems Frontiers, 9(5), 515-529. DOI : 10.1007/s10796-007-9051-6.   DOI
6 Chen, Y., Ramamurthy, K. and Wen, K. W. (2012). Organizations' Information Security Policy Compliance: Stick or Carrot Approach? Journal of Management Information Systems, 29(3), 157-188. DOI : 10.2753/MIS0742-1222290305.   DOI
7 Gillespie, N. and Dietz, G. (2009). Trust Repair After an Organization-Level Failure, Academy of Management Review, 34(1), 127-145. DOI : 10.5465/amr.2009.35713319.   DOI
8 Gino, F. and Margolis, J. D. (2011). Bringing Ethics into Focus: How Regulatory Focus and Risk Preferences Influence (un) Ethical Behavior, Organizational Behavior and Human Decision Processes, 115(2), 145-156. DOI : 10.1016/j.obhdp.2011.01.006.   DOI
9 Grandviewresearch. (2019). Cyber Security Market Size, Share & Trends Analysis Report by Component, by Security Type, by Solution, by Service, by Deployment, by Organization, by Application, and Segment Forecasts, 2019 - 2025. https://www.globenewswire.com.
10 Guo, K. H., Yuan, Y., Archer, N. P. and Connelly, C. E. (2011). Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model, Journal of Management Information Systems, 28(2), 203-236. DOI : 10.2753/MIS0742-1222280208.   DOI
11 Herath, T. and Rao, H. R. (2009). Encouraging Information Security Behaviors in Organizations: Role of Penalties, Pressures and Perceived Effectiveness, Decision Support Systems, 47(2), 154-165. DOI : 10.1016/j.dss.2009.02.005.   DOI
12 Hoyle, R. H. and Kenny, D. A., (1999). Sample Size, Reliability, and Tests of Statistical Mediation, Statistical Strategies for Small Sample Research, 1, 195-222.
13 Hwang, I. (2020). A Study on the Mitigation of Information Security Avoid Behavior: From Goal Setting, Justice, Trust perspective, Journal of Digital Convergence, 18(12), 217-229. DOI : 10.14400/JDC.2020.18.12.217.   DOI
14 Hwang, I., Kim, D., Kim, T. and Kim, S. (2017). Why Not Comply with Information Security? An Empirical Approach for the Causes of Non-compliance, Online Information Review, 41(1), 2-18. DOI : 10.1108/OIR-11-2015-0358.   DOI
15 Keller, P. A. (2006). Regulatory Focus and Efficacy of Health Messages, Journal of Consumer Research, 33(1), 109-114. DOI : 10.1086/504141.   DOI
16 Little, T. D., Bovaird, J. A. and Widaman, K. F. (2006). On the Merits of Orthogonalizing Powered and Product Terms: Implications for Modeling Interactions among Latent Variables, Structural Equation Modeling, 13(4), 497-519. DOI: 10.1207/s15328007sem1304_1.   DOI
17 Kim, J., Kim, K. and Park, H. (2018). The Impact of Family-Friendly Corporate Culture on Employees' Behavior, Journal of the Korea Industrial Information Systems Research. 23(2), 75-92. DOI : 10.9723/jksiis.2018.23.2.075.   DOI
18 Lau, D. C., Liu, J. and Fu, P. P. (2007). Feeling Trusted by Business Leaders in China: Antecedents and the Mediating Role of Value Congruence, Asia Pacific Journal of Management, 24(3), 321-340. DOI 10.1007/s10490-006-9026-z.   DOI
19 Liang, H., Xue, Y. and Wu, L. (2013). Ensuring Employees' it Compliance: Carrot or Stick?, Information Systems Research, 24(2), 279-294. DOI : 10.1287/isre.1120.0427.   DOI
20 Mayer, R. C., Davis, J. H. and Schoorman, F. D. (1995). An Integrative Model of Organizational Trust, Academy of Management Review, 20(3), 709-734. DOI : 10.5465/amr.1995.9508080335   DOI
21 Mulder, L. B., Verboon, P. and De Cremer, D. (2009). Sanctions and Moral Judgments: The Moderating Effect of Sanction Severity and Trust in Authorities, European Journal of Social Psychology, 39(2), 255-269. DOI : 10.1002/ejsp.506.   DOI
22 Nachmias, D. (1985). Determinants of Trust within the Federal Bureaucracy. In Rosenbloom, D. H. (Eds), Public Personnel Policy: The Politics of Civil Service, New York: Associated Faculty Press, Port Washington, 133-143.
23 Neubert, M. J., Kacmar, K. M., Carlson, D. S., Chonko, L. B. and Roberts, J. A. (2008). Regulatory Focus as a Mediator of the Influence of Initiating Structure and Servant Leadership on Employee Behavior, Journal of Applied Psychology, 93(6), 1220-1233. DOI : 10.1037/a0012695.   DOI
24 Nunnally, J. C. (1978). Psychometric Theory (2nd ed.), New York: McGraw-Hill.
25 Park, K. (2019). A Study on the Influence of the Perception of Personal Information Security of Youth on Security Attitude and Security Behavior, Journal of the Korea Industrial Information Systems Research, 24(4), 79-98. DOI : 10.9723/jksiis.2019.24.4.079.   DOI
26 Pinder, C. C. (1998), Work Motivation in Organizational Behavior, Upper Saddle River, NJ: Prentice Hall.
27 Safa, N. S. and von Solms, R. (2016). An Information Security Knowledge Sharing Model in Organizations, Computers in Human Behavior, 57, 442-451. DOI : 10.1016/j.chb.2015.12.037.   DOI
28 Vance, A., Siponen, M. and Pahnila, S. (2012). Motivating IS Security compliance: Insights from Habit and Protection Motivation Theory, Information & Management, 49(3-4), 190-198. DOI : 10.1016/j.im.2012.04.002.   DOI
29 Agarwal, V. (2013). Investigating the Convergent Validity of Organizational Trust. Journal of Communication Management, 17(1), 24-39. DOI : 10.1108/13632541311300133.   DOI
30 van der Werff, L., Legood, A., Buckley, F., Weibel, A. and de Cremer, D. (2019). Trust Motivation: The Self-Regulatory Processes Underlying Trust Decisions, Organizational Psychology Review, 9(2-3), 99-123. DOI : 10.1177/2041386619873616.   DOI
31 Wixom, B. H. and Watson, H. J. (2001). An Empirical Investigation of the Factors Affecting Data Warehousing Success, MIS Quarterly, 25(1), 17-41. DOI : 10.2307/3250957.   DOI
32 Chatman, J. A. (1989). Improving Interactional Organizational Research: A Model of Person-Organization Fit, Academy of management Review, 14(3), 333-349. DOI : 10.5465/amr.1989.4279063.   DOI
33 Boss, S., Galletta, D., Lowry, P. B., Moody, G. D. and Polak, P. (2015). What Do Systems Users have to Fear? Using Fear Appeals to Engender Threats and Fear that Motivate Protective Security Behaviors, MIS Quarterly, 39(4), 837-864.   DOI
34 Bulgurcu, B., Cavusoglu, H. and Benbasat, I. (2010). Information Security Policy Compliance: An Empirical Study of Rationality-based Beliefs and Information Security Awareness, MIS Quarterly, 34(3), 523-548.   DOI
35 D'Arcy, J., Hovav, A. and Galletta, D. (2009). User Awareness of Security Countermeasures and its Impact on Information Systems Misuse: A Deterrence Approach, Information Systems Research, 20(1), 79-98. DOI : 10.1287/isre.1070.0160.   DOI
36 Guo, K. H. and Yuan, Y. (2012). The Effects of Multilevel Sanctions on Information Security Violations: A Mediating Model, Information & Management, 49(6), 320-326. DOI : 10.1016/j.im.2012.08.001.   DOI
37 Chang, K. C., Hsu, Y. T., Hsu, C. L. and Sung, Y. K. (2019). Effect of Tangibilization Cues on Consumer Purchase Intention in the Social Media Context: Regulatory Focus Perspective and the Moderating Role of Perceived Trust, Telematics and Informatics, 44, Advance online publication. DOI : 10.1016/j.tele.2019.101265
38 Kristof-Brown, A. L., Zimmerman, R. D. and Johnson, E. C. (2005). Consequences of Individuals' Fit at Work: A Meta-Analysis of Person-Job, Person-Organization, Person-Group, and Person-Superior Fit, Personnel psychology, 58(2), 281-342. DOI : 10.1111/j.1744-6570.2005.00672.x.   DOI
39 West, R. (2008). The Psychology of Security, Communications of the ACM, 51(4), 34-40. DOI : 10.1145/1330311.1330320.   DOI
40 Podsakoff, P. M., MacKenzie, S. B., Lee, J. Y. and Podsakoff, N. P. (2003). Common Method Biases in Behavioral Research: A Critical Review of the Literature and Recommended Remedies, Journal of Applied Psychology, 88(5), 879-903. DOI : 10.1037/0021-9010.88.5.879.   DOI
41 Verizon. (2020). Data Breach Investigations Report. https://enterprise.verizon.com/resources/reports/dbir.
42 Lowry, P. B., Posey, C., Bennett, R. B. J. and Roberts, T. L. (2015). Leveraging Fairness and Reactance Theories to Deter Reactive Computer Abuse Following Enhanced Organisational Information Security Policies: An Empirical Study of the Influence of Counterfactual Reasoning and Organisational Trust, Information Systems Journal, 25(3), 193-273. DOI : 10.1111/isj.12063.   DOI
43 Fornell, C. and Larcker, D. F. (1981). Evaluating Structural Equation Models with Unobservable Variables and Measurement Error, Journal of Marketing Research, 18(1), 39-50. DOI: 10.2307/3151312.   DOI